Isaca CISM Quiz 269 Topic 2 Questions 1341-1345

Question: 1

Which aspect of an incident response plan will MOST effectively help to limit reputational damage when multiple media services are seeking a response following a major security breach?

AThe plan has been approved by executive management.

BThe plan establishes clear lines of responsibility.

CThe plan complies with regulatory requirements.

DThe plan has been reviewed by the media relations team.

Show Answer

Question: 2

When two different controls are available to mitigate a risk, an information security manager's recommendation should be based on the results of a:

Acontrol evaluation

Bcost-benefit analysis

Ccountermeasure analysis

Dthreat analysis.

Show Answer

Question: 3

In a large organization, defining recovery time objectives (RTOs) is PRIMARILY the responsibility of;

Athe information security manager.

Bthe IT manager

Csenior management

Dthe business unit manager.

Show Answer

Question: 4

An organization recently implemented a data loss prevention (DLP) system. A senior business executive has complained that the system seriously impedes departmental effectiveness. What is the information security manager's BEST course of action?

ARequest risk acceptance.

BReview alternative controls.

CPerform a risk assessment.

DChange the DLP system.

Show Answer

Question: 5

An organization is the victim of an attack generating multiple incident reports. Which of the following will BEST enable incident handling and contain exposure?

AThe ability to effectively escalate incidents

BThe ability to acquire the appropriate resources

CThe ability to sort and classify events

DThe ability to isolate and secure the affected systems

Show Answer

Isaca CISM Quiz:269 Topic:2 Questions:1341-1345